A REAL NIGHTMARE FOR EVERY BRIDGE CLUB
On 25 May 2018 the EU's General Data Protection Regulation (GDPR) comes into effect and it is going to be a nightmare for bridge clubs, large or small, and virtually every voluntary organisation up and down the land.
All clubs hold data - names, email addresses, telephone numbers etc - about their membership. In many ways such information is the lifeblood of a bridge club, whether it comes to scoring an event, uploading results or trying to arrange a partner.
If you want to contact another member to fix up a game, currently you can find their details via a password-protected members section of the club website. Failing that, you can ask me or a fellow committee member and we will point you in the right direction. Some clubs, such as our neighbours in Clare, helpfully publish an annual list of membership details which is very useful.
This is not a joke. It is painfully serious.
Such a common sense approach goes flying out of the window come 25 May by which time, to use a phrase straight out of Sir Humphrey's civil service handbook, Stansfield bridge club has to be 'GDPR compliant.'
And should you think we can turn a blind eye to regulations that were probably not meant to impact bridge clubs, the EBU is warning of the possibility of 'severe sanctions' against organisations that fail to comply.
While your committee will go to the end of the world in your name, facing the threat of a fine of up to 20 million Euros for ignoring or failing to comply with GDPR is probably asking too much.
A fine of up to €20 million for failing to comply
If you are still with me, you might be thinking this is a premature April Fool's Day joke. I promise you it is not. This is painfully serious.
The EBU is providing us with templates for privacy policy notices, club joining forms, how to cope with a personal data security breach, setting up a security breach log and facts on whether we have to register with the Information Commissioners Office etc etc. Because every club is deemed to be a 'Data Controller' we will have to enter into a yet to be specified contract. All of this is going to require many hours work to assimilate and decide what we have to do in practice.
Eventually, we will be probably asking members to help us become 'compliant' by, among other things, giving active consent for your data to be stored and used.
My only request at this stage is not to ignore any communications from us about data protection. Sadly, they will matter.
Should you wish to read more about this nightmare click on GDPR which will take you to the EBU page devoted to the issue.
Richard
|